The Unique Machine Number in FlexNet Publisher and FlexNet Operations


White Paper: The Unique Machine Number in FlexNet Publisher and FlexNet Operations
Table of Contents

  • Executive Summary
  • Part I: Introduction to Binding, Activations, and Unique Machine Identifiers
      – Trusted-Storage Binding
      – Activation, Reinstalls, Returns and Repairs
      – First-Time Activation Process
      – Reinstall Process
      – Return Process
      – Repair Process
      – Properties of an Ideal Unique Machine Identifier
      – Real-World Unique Machine Identifiers
      – Difference Between Binding Elements and the Unique Machine Identifier
      – Methods for Securing First-Time Activation
  • Part II: Development of the Unique Machine Identifier—From the Machine Identifier to Unique Machine Numbers
      – Summary of Use Cases for the Unique Machine Identifiers
      – Machine Identifier
      – Unique Machine Numbers
      – Issues with Unique Machine Number1 in FlexNet Publisher 11.6.1 to FlexNet Publisher 11.10.1
      – Issues with Unique Machine Number2 in FlexNet Publisher 11.6.1 to 11.10.1
      – Unavailability of Both Unique Machine Numbers
      – License Generator Toolkit Policies for Unique Machine Numbers
Flexera Software: FlexNet Publisher White Paper Series

Executive Summary

This white paper describes the history and use of the unique machine number in FlexNet Publisher® and FlexNet® Operations.

The information about unique machine number usage in FlexNet Operations applies to the License Generator Toolkit as well. FlexNet Operations and License Generator Toolkit are publisher license server alternatives. License Generator Toolkit provides a library on which to build a custom publisher license server; FlexNet Operations offers a complete publisher license server solution.

Best practices for using unique machine number in FlexNet Publisher on any platform include the following.

  • Enable all anchors (the default)
  • On all Windows systems, always use the latest version of the FlexNet Publisher Licensing Service
  • Incorporate appropriate reinstall, return and repair policies in the back office

Part I
Introduction to Binding, Activations, and Unique Machine Identifiers

This section provides an overview of the bind, activation, reinstall, return and repair activities used to maintain trusted storage and describes the role that the unique machine identifier has in performing these activities.

Trusted-Storage Binding

Binding is a technology in trusted-storage-based licensing designed to fulfill the following requirements:

  • If trusted storage is copied to a new machine, it becomes untrusted
  • If an existing machine with trusted-storage licenses undergoes incremental small hardware upgrades, trusted storage remains trusted after each upgrade

Binding is implemented as a measure of a number of hardware elements, each given a specific weight. A hardware element, known as a host identifier, can be the boot disk serial number, Mac address of a suitable Ethernet adapter, CPU identifier, BIOS identifier, RAM size, hostname, IP address, or another hardware element.

If the total weight of all host identifiers changes more than fifty percent all at once, a binding break occurs, causing trusted storage to become untrusted. If the weight of all host identifiers changes less than fifty percent all at once, the binding measurement stored in trusted storage is reset to reflect the new hardware environment.

When trusted storage becomes untrusted, end users can no longer check out its licenses. Usually the only way to reinstate trust is to run a repair on the trusted storage. (Repairs are discussed in the next section, Activation, Reinstalls, Returns, and Repairs.)

Note: Consider the following additional information about binding:

  • Pre-12.8 FlexNet Operations versions do not support the ability to customize the binding elements used in a binding configuration.
  • FlexNet Operations 12.8 offers a virtualization-aware binding option, described in part II: Relationship Between Unique Identifier for Virtual Machine and Virtual Machine Identifier

Activation, Reinstalls, Returns and Repairs

This section steps through the basic processes used to activate, reinstall, return, and repair license rights in trusted storage. To understand these activities, be familiar with the following terms:
| Term | Definition |
|---|---|
| Unique machine identifier | The unique identifier for the machine from which an activation request originates (also called the activation client). Two types of UMIs exist: the machine identifier and the unique machine number. |
| Fulfillment record | The license rights loaded in the customer's trusted storage as a result of an activation. |
| Fulfillment ID | An instance of a customer's RightsID. That is, the Fulfillment ID uniquely identifies a fulfillment record in the customer's trusted storage. (The Fulfillment ID is allocated to one machine only.) |
| Publisher license server | The publisher's activation server, which, in response to a request from an activation client, activates, reinstalls, returns or repairs license rights in trusted storage on the client. |
| Activation client | The customer machine that sends a request to the publisher license server to have license rights activated, reinstalled, returned or repaired in its trusted storage. This machine can be an enterprise license server or a FlexNet client (the machine running a FlexEnabled application). |
| Activation utility | The FlexNet Publisher program on the activation client that generates requests and processes responses from the publisher license server. |
| Entitlement ID | In general, an identifier pertaining to a customer's license rights, but the meaning of this ID differs depending on whether you are in FlexNet Operations or FlexNet Publisher. In FlexNet Operations, the Entitlement ID is much like an invoice ID, referring to the entire bundle of license rights purchased by a single customer. This "invoice" is made up of individual activation entries, each identified by an Activation ID that the customer can then request to activate on their machine as needed. In FlexNet Publisher, the Entitlement ID value is the same as FlexNet Operations' Activation ID, pointing to the specific activation entry that the customer wants to install from their FlexNet Operations entitlement. The customer obtains this ID from the publisher and includes it in activation requests. Note: FlexNet Publisher uses the Entitlement ID label in its V1 activations. When FlexNet Publisher introduced V2 activations, it changed the Entitlement ID label to RightsID. In either case, both IDs have the same value as FlexNet Operations' Activation ID.* |
| Activation ID | A FlexNet Operations identifier pointing to a specific activation entry in a customer's entitlement. Each activation entry contains a set of purchased rights that are related (for example, license rights for the same product or product edition or for the same license model). A customer's entitlement can contain multiple activation entries. This Activation ID value serves as the Entitlement ID or RightsID in FlexNet Publisher. |
| RightsID | A FlexNet Publisher identifier that is the same as FlexNet Publisher's Entitlement ID. (FlexNet Publisher uses the label Entitlement IDs in V1 activations and RightsIDs in V2 activations.) FlexNet Publisher obtains this value from the publisher and includes it in the activation request sent to the publisher license server. Both the RightsID and the Entitlement ID use the value of the corresponding FNO Activation ID in the customer's entitlement. |
* The following process descriptions assume that an ideal unique machine identifier is being used.

First-Time Activation Process

A simplified first-time activation between the publisher license server (in this example, FlexNet Operations) and the activation utility on the activation client might run like this:

  1. The activation client generates the activation request (containing the RightsID and unique machine identifier) and sends it to FlexNet Operations.
  2. FlexNet Operations generates a new Fulfillment ID and then records the unique machine identifier, associating it with the Fulfillment ID. Additionally, the Fulfillment ID is associated with the RightsID. (A single RightsID can have multiple Fulfillment IDs associated with it.)
  3. FlexNet Operations decrements the license count from customer entitlement associated with this RightsID.
  4. FlexNet Operations generates and sends the activation response (containing the fulfillment record, unique machine identifier, and activation request signature) to the activation client.
  5. The activation client checks that the unique machine identifier in the response matches the unique machine identifier obtained from the activation utility. (This step is known as requester verification.)
  6. The activation client loads the fulfillment record into trusted storage.

Reinstall Process

Certain situations require an end user to erase the data on the activation-client machine, resulting in the loss of trusted storage[1]. Under such a circumstance, the customer should be able to re-instate their license rights on this same machine without decrementing the license entitlement again. In this use case, the customer needs to reinstall the license, a process that uses the unique machine identifier:

  1. The activation client generates the activation request (containing the RightsID and unique machine identifier) and sends it to the publisher license server (in this example, publisher license server).
  2. Publisher license server looks up all Fulfillment IDs associated with the RightsID, and then determines which Fulfillment IDs, if any, match the unique machine identifier sent in the request.
  3. FlexNet Operations does not decrement license count from end-user's entitlement.
  4. FlexNet Operations generates and sends the reinstallation response (containing the fulfillment records, unique machine identifier, and activation request signature) to the activation client.
  5. The activation client loads the fulfillment record into trusted storage, as it had done previously.

[1] This is often the case when a laptop is returned by an employee who is leaving: IT reimages the laptop.

Return Process

For license management purposes, FlexNet Publisher can request to return one or more fulfillment records. FlexNet Operations would process this request as follows:

  1. The activation client generates the return request (that includes the unique machine identifier, RightsID, and Fulfillment IDs of records to be returned) and sends it to FlexNet Operations.
  2. FlexNet Operations looks up the unique machine identifier in its stored information and determines that it is indeed associated with this RightsID.
  3. In the end-user's entitlement, FlexNet Operations increments the license count with the returned license.
  4. FlexNet Operations generates and sends the response (containing the unique machine identifier and fulfillment IDs of records to remove) to the activation client.
  5. The activation client processes the response to remove the license rights.

Repair Process

A parallel use case to reinstallation is a repair. For various reasons, trusted storage can become untrusted (see the FlexNet Publisher: Best Practices for Recovering Trusted Storage white paper for more information). When this happens, FlexNet Publisher can issue a repair request. If the publisher license server (in this example, FlexNet Operations) grants the repair, trusted storage becomes trusted again. The following examples describe two ways in which trusted storage can become untrusted:

Case A: The trusted-storage file is copied to a new machine in an attempt to duplicate licenses. Such a security breach results in a binding break.

Case B: The original licensed machine has a significant hardware upgrade, causing a binding break in trusted storage.

Both cases involve a binding break. However, the publisher would grant the repair request in Case B only, since the requesting machine is the original machine on which trusted storage was established.

In Case A, a new machine (now acting as the activation client) is making the repair request. FlexNet Operations would process this request as follows:

  1. The activation client generates the repair request (containing fulfillment IDs of records to be repaired) and sends it to FlexNet Operations.
  2. FlexNet Operations determines that no unique machine identifier is associated with the fulfillment IDs.
  3. FlexNet Operations denies the repair request and sends this response to the activation client.
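The four processes above, modelled as back-office logic keyed on a single ideal unique machine identifier. This is an added example, not Flexera code: the class, method names, ID formats and the assumption that a repair request carries the requester's unique machine identifier are all illustrative.

```python
class PublisherLicenseServer:
    """Toy publisher license server following the activation, reinstall,
    return and repair processes with one ideal UMI per machine."""

    def __init__(self, entitlements):
        self.entitlements = dict(entitlements)  # RightsID -> licenses still available
        self.fulfillments = {}                  # FulfillmentID -> (RightsID, UMI)
        self.next_id = 1

    def fulfillments_for(self, rights_id, umi):
        """Fulfillment IDs under this RightsID that were activated on this UMI."""
        return sorted(fid for fid, (rid, machine) in self.fulfillments.items()
                      if rid == rights_id and machine == umi)

    def activate(self, rights_id, umi):
        """Activation request; treated as a reinstall when the UMI is already known."""
        existing = self.fulfillments_for(rights_id, umi)
        if existing:
            # Reinstall: same machine, so the entitlement is not decremented again.
            return {"status": "reinstalled", "umi": umi, "fulfillment_ids": existing}
        if self.entitlements.get(rights_id, 0) < 1:
            return {"status": "denied", "reason": "entitlement exhausted"}
        fid = f"FID-{self.next_id}"             # constructed ID format
        self.next_id += 1
        self.fulfillments[fid] = (rights_id, umi)   # record the UMI against the new ID
        self.entitlements[rights_id] -= 1           # first-time activation uses a license
        return {"status": "activated", "umi": umi, "fulfillment_ids": [fid]}

    def return_license(self, rights_id, umi, fulfillment_ids):
        """Return process: only the machine holding the records may return them."""
        held = set(self.fulfillments_for(rights_id, umi))
        if not fulfillment_ids or not set(fulfillment_ids) <= held:
            return {"status": "denied", "reason": "UMI not associated with these records"}
        for fid in fulfillment_ids:
            del self.fulfillments[fid]
            self.entitlements[rights_id] += 1       # license goes back to the entitlement
        return {"status": "returned", "umi": umi, "fulfillment_ids": list(fulfillment_ids)}

    def repair(self, umi, fulfillment_ids):
        """Repair process: grant only if every record was activated on this UMI."""
        original = bool(fulfillment_ids) and all(
            self.fulfillments.get(fid, (None, None))[1] == umi
            for fid in fulfillment_ids)
        if not original:
            # Case A: trusted storage copied to another machine.
            return {"status": "denied", "reason": "requester is not the original machine"}
        # Case B: same machine after a significant hardware upgrade.
        return {"status": "repaired", "umi": umi, "fulfillment_ids": list(fulfillment_ids)}


def demo():
    """Constructed walk-through: activate, reinstall, Case A, Case B, return."""
    server = PublisherLicenseServer({"RIGHTS-EXAMPLE": 2})
    first = server.activate("RIGHTS-EXAMPLE", "UMI-ORIGINAL")
    fids = first["fulfillment_ids"]
    return {
        "first": first["status"],
        "reinstall": server.activate("RIGHTS-EXAMPLE", "UMI-ORIGINAL")["status"],
        "left_after_reinstall": server.entitlements["RIGHTS-EXAMPLE"],
        "case_a": server.repair("UMI-COPY", fids)["status"],
        "case_b": server.repair("UMI-ORIGINAL", fids)["status"],
        "return": server.return_license("RIGHTS-EXAMPLE", "UMI-ORIGINAL", fids)["status"],
        "left_after_return": server.entitlements["RIGHTS-EXAMPLE"],
    }


if __name__ == "__main__":
    print(demo())
```

The model makes the dependency visible: every decision after first-time activation rests on the identifier being the same value it was at activation, which is why the immutability of the identifier matters to the back office.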
Properties of an Ideal Unique Machine Identifier

The previous section demonstrated that the unique machine identifier is instrumental in initial activation, reinstall, and repair use cases. The unique machine identifier is recorded during initial activation on a machine and then used to verify the machine for a reinstall or repair.

Ideally, a unique machine identifier should have the following properties:

  • Global uniqueness, and therefore uniquely identifies the host machine
  • Consistent availability on all native platforms supported by FlexNet Publisher. In other words, the identifier is always retrievable from the subsystem of any FlexNet Publisher-supported native platform; the retrieval process never returns a null value.
  • Consistent availability on virtualized platforms supported by FlexNet Publisher
  • No elevated, administrative or root-privilege requirement to extract it
  • Encrypted format to protect the privacy of the activation-client machine
  • Immutability*, the degree of which is determined by the unique machine identifier's ability to remain unchanged under these conditions:
      1. Across consecutive calls within a single activation process
      2. After restarting the activation process
      3. After a reboot of the system
      4. After configuration changes on the system
      5. After the system has been re-imaged
      6. After the operating system has been upgraded
      7. After significant hardware upgrades in the system
      8. After a FlexNet Publisher upgrade on the system

* This document later refers to Type x Immutability, where x is one of the eight types of immutability defined above.

Real-World Unique Machine Identifiers

In practice, unique machine identifiers are not ideal. For example, some unique machine identifiers might have high uniqueness but low availability across an ecosystem of machines. Other unique machine identifiers might be unique and available, but do not have many of the immutability types defined in the previous section.

In order to deal with varying levels of uniqueness or availability, one can generate multiple unique machine identifiers with complementary properties. For example, one unique machine identifier is likely to be unique, while another has high-availability across multiple different machines.

One can also define a set of heuristics when retrieving unique machine identifiers, such as the following:

  • A null unique machine identifier is better than a non-unique one.
  • A null unique machine identifier is better than one with a high mutability. One can set a minimal immutability heuristic, such as requiring that a unique machine identifier have at least Types 1, 2, and 3 Immutability (see the previous section) in order to be usable.
  • For any machine, at least one unique machine identifier should have a non-null value.

Difference Between Binding Elements and the Unique Machine Identifier

Though interrelated, binding elements and the unique machine identifier differ in primary purpose:

  • Binding is a process on the activation-client machine that locks trusted storage to the hardware fingerprint of a machine to prevent the copying of its trusted storage to another machine
  • The unique machine identifier is used by the publisher license server to verify that the machine requesting a reinstall, repair or return request is the same one on which the licenses were originally activated

Methods for Securing First-Time Activation

At the time an activation request is issued, vulnerability exists to process the response on additional machines, thus granting the fulfillment record to unauthorized locations.

The following two methods serve as solutions for deterring this exploitation.

Method 1: Binding Before Activation

Before the request for license rights is granted, require that trusted storage be created and bound to the requesting machine (see previous section). Then, when the request for activation is generated and sent to the publisher license server, a copy of the request is also saved in the newly bound trusted storage. The response from the publisher license server includes the sequence number and signature of the original request, which, in turn, is compared to the outstanding request stored in trusted storage. Any attempt to copy trusted storage to a second machine by processing the response on that machine results in a binding break, thus preventing the response from being processed.

Method 2: Requester Verification

In this case, the unique machine identifier is sent in the request, which is also stored in the (unbound) trusted storage on the requesting machine. The response from the publisher license server now includes the sequence number and signature of the original request, as well as the unique machine identifier. As a result, the activation utility must verify not only that the sequence number and signature in the response matches that of the request, but also that the unique machine identifier of the host matches the one in the response.
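The three checks of Method 2 as the activation utility would run them before loading a fulfillment record. This is an added example, not FlexNet Publisher code: the field names are hypothetical, and a SHA-256 digest over the canonical request stands in for the request signature, whose real format the paper does not describe.

```python
import hashlib
import hmac
import json


def request_signature(request):
    """Stand-in request signature (assumption): SHA-256 of the canonical request."""
    canonical = json.dumps(request, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def build_request(rights_id, host_umi, sequence_number):
    """Create an activation request plus the outstanding-request record that
    the client keeps in its (unbound) trusted storage."""
    request = {"rights_id": rights_id, "umi": host_umi, "seq": sequence_number}
    outstanding = {"seq": sequence_number, "signature": request_signature(request)}
    return request, outstanding


def publisher_response(request):
    """Constructed server response: echoes the request's sequence number,
    signature and unique machine identifier next to the fulfillment record."""
    return {
        "fulfillment_record": {"rights_id": request["rights_id"]},
        "seq": request["seq"],
        "request_signature": request_signature(request),
        "umi": request["umi"],
    }


def same(left, right):
    """Constant-time comparison of two text values."""
    return hmac.compare_digest(str(left).encode(), str(right).encode())


def verify_response(response, outstanding, host_umi):
    """Return the names of the checks that failed; an empty list means the
    fulfillment record may be loaded into trusted storage.

    host_umi must be read from the machine processing the response, never
    taken from the stored request: unbound trusted storage can be copied,
    the host's own identifier cannot.
    """
    failed = []
    if response.get("seq") != outstanding["seq"]:
        failed.append("sequence number")
    if not same(response.get("request_signature", ""), outstanding["signature"]):
        failed.append("request signature")
    if not same(response.get("umi", ""), host_umi):
        failed.append("unique machine identifier")
    return failed


if __name__ == "__main__":
    # Constructed sample values.
    req, stored = build_request("RIGHTS-EXAMPLE", "UMI-HOST-A", 7)
    resp = publisher_response(req)
    print("original machine:", verify_response(resp, stored, "UMI-HOST-A"))
    # Trusted storage and response copied to a second machine.
    print("second machine:  ", verify_response(resp, stored, "UMI-HOST-B"))
```

The sequence number and signature checks alone pass on the second machine, because the stored request travels with the copied trusted storage; only the comparison against the host's own identifier stops the response from being processed there.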
Methods Used in V1 and V2 Activations

FlexNet Publisher's first generation of activation, called V1 activation, uses Method 1. The second generation of activation, introduced in FlexNet Publisher 11.8.0 and called V2 activation, uses Method 2 and involves the use of the composite transaction.

FlexNet Publisher 11.10.1 incorporates both methods in its V2 activation transactions. That is, it introduces a default trusted configuration, which allows binding when the first-time request is saved to trusted storage.

Part II
Development of the Unique Machine Identifier—From the Machine Identifier to Unique Machine Numbers

The previous sections introduced use cases for unique machine identifiers—how these identifiers are needed to provide requester verification for various activation activities and how they differ from the identifiers used in trusted-storage binding. Two types of unique machine identifiers are available—the machine identifier, introduced first, and the unique machine number, introduced later in response to the machine identifier's immutability issues. The following sections describe these two types of unique machine identifiers.

Summary of Use Cases for the Unique Machine Identifiers

In summary, the unique machine identifier provides requester verification for the following use case types:

  • Type 1–Reinstall
  • Type 2–Repair
  • Type 3–Return
  • Type 4–Secure first-time activation via requester verification

The machine identifier was FlexNet Publisher's first attempt at providing a unique machine identifier for these use cases. Later, FlexNet Publisher introduced the unique machine numbers in response to immutability issues with the machine identifier.

Machine Identifier

The machine identifier is generated from all host identifiers specified in a binding configuration. Given that the machine identifier is based on the binding configuration, a trusted section must be in place (that is, the trusted configuration processed) in order to generate machine identifier. Each trusted section has its own machine identifier.

The following describes the machine identifier's reliability as a unique machine identifier for the requesting machine:

| Unique Machine Identifier Property | Machine Identifier on Native Platforms | Machine Identifier on Virtualized Platforms |
|---|---|---|
| Uniqueness | High probability of uniqueness | Medium probability of uniqueness[2] |
| Never Null | High confidence level in having a non-null value | High confidence level in having a non-null value, even on unsupported virtualized environments |
| Fulfillment ID | Yes | Yes |
| Publisher License Server | Types 1, 2, and usually 3 | Types 1, 2, and usually 3 |

[2] In this case, machine identifier is a composite of virtualised host identifiers.

As the table shows, the machine identifier has a low level of immutability. You can raise this level to some degree by removing more volatile host identifiers (such as the IP address and hostname) from the composite. However, the machine identifier remains a poor choice for immutability and is therefore not suitable for reinstall, return, or repair use cases.

The following are additional considerations about the machine identifier:

  • In FlexNet Publisher 11.8.0 through 11.10.0, requests for first-time V2 activations do not contain the machine identifier.
  • As a result of the previous point, FlexNet Operations versions 12.7 and later do not use the machine identifier as a unique machine identifier.
  • FlexNet Publisher 11.10.1 provides an optional feature (default trusted configuration), which results in a machine identifier being provided in first-time V2 activation requests.

Unique Machine Numbers

In response to concerns about the immutability of the machine identifier, FlexNet Publisher 11.3 introduced the unique machine identifier.

Description of Unique Machine Number1 and Unique Machine Number2

The following table describes the source of unique machine number1 and unique machine number2 on the various platforms for FlexNet Publisher versions 11.6.1 to 11.10.1. For these versions, FlexNet Publisher generates two unique machine numbers to increase the probability that at least one is always retrieved on a given supported platform.
| Operating System | Unique Machine Number1 | Unique Machine Number2 |
|---|---|---|
| Windows | Boot disk serial number. | Primary Ethernet Machine address (from first non-removable, non-virtual Ethernet device) |
| Mac | Mac Unique System ID. On newer systems, this ID is burned into the motherboard; rendering the number unchangeable. For older systems, this information is on disk and requires low-level formatting to overwrite it. | Primary Ethernet Machine address |
| Linux | Composite of the serial numbers for all non-removable integrated device electronics devices. This value is available only if the FlexNet Publisher Licensing Service is installed. See Trusted Storage-Based Licensing Programming Reference for installation details. | Primary Ethernet Machine address |
| AIX | Unique hardware serial number. This value is available on all PCI-based AIX hardware. | Primary Ethernet Machine address |
| HP/UX | Unique hardware security key. | Primary Ethernet Machine address |
| Solaris | Serial number generated during manufacturing and written to the EEPROM. This value changes during an operating-system reinstallation on PC hardware. (In other words, unique machine number1 on Solaris Intel does not have Type 6 Immutability.) However, an operating-system reinstallation on SPARC hardware has no effect on unique machine number1. | Primary Ethernet Machine address |

Issues with Unique Machine Number1 in FlexNet Publisher 11.6.1 to FlexNet Publisher 11.10.1

The following are limitations in retrieving unique machine number1:

  • Unique machine number1 requires elevated privileges on Windows, Mac, and Linux machines
  • On Windows and Linux, a few instances exist where hard-disk manufacturers provide models of hard disks with serial numbers that have a low degree of uniqueness. In addition, a virtualized boot disk is likely to have a serial number with a low degree of uniqueness, or have no serial number at all. No serial number results in a null unique machine number1.
  • On Windows RAID devices, obtaining the boot-disk serial number might require distinct device drivers or methods that FlexNet Publisher does not support. Consequently, FlexNet Publisher might be unable to derive a unique machine number1 from a RAID (Redundant Array of Inexpensive Disks) device even if a valid serial number is available.
  • On Linux, only IDE devices are queried for serial numbers. Consequently, unique machine number1 is often null on Linux systems.

Issues with Unique Machine Number2 in FlexNet Publisher 11.6.1 to 11.10.1

New versions of Linux allow names other than eth(x) for Internet Ethernet devices. (For example, these versions might use em(x).) FlexNet Publisher does not yet support querying interfaces for the new names; this can result in an inability to retrieve unique machine number2 on some newer systems.

Unavailability of Both Unique Machine Numbers

On certain unsupported platforms, FlexNet Publisher might retrieve neither unique machine number1 nor unique machine number2. When a request contains all null values for the unique machine numbers, FlexNet Operations treats the request as having an error.

Unique Machine Number3

FlexNet Publisher 11.10.0 introduced unique machine number3 as a unique identifier for virtual machines. Unique machine number3 is a hash of the virtualized SMBIOS[3] value. SMBIOS is commonly virtualized by hypervisor providers such as VMware and Microsoft. In addition, virtualization management systems such as VMware's VMotion ensure that all virtual machines being managed have a unique SMBIOS value.

[3] See http://www.dmtf.org/standards/smbios for further information
Note: Consider the following additional information about unique machine number3:

  • FlexNet Operations support for unique machine number3 starts with version 12.8.
  • Unique machine number3 is available on virtualization-aware FlexNet Publisher architectures only.

Relationship Between Unique Machine Number3 and Virtual Machine Identifier

On virtual machines, FlexNet Publisher generates a virtual machine identifier for trusted storage binding and includes this in the activation request. To support the virtual machine identifier, FlexNet Operations 12.8 introduced a virtualization-aware binding option. If this option is enabled, FlexNet Operations specifies a bind-to-virtual machine identifier binding configuration in the response for any V2 activation request containing a virtual machine identifier.

The virtual machine identifier and unique machine number3 have the same value, which is a hash of the virtualized SMBIOS.

Note: Consider the following additional information:

  • SMBIOS is available also on the native hardware, but is not so widely supported by hardware providers as it is by hypervisor providers. However, the SMBIOS remains a candidate for a unique machine number(x) value for native systems in future FlexNet Publisher versions.
  • Unique machine number3 and virtual machine identifier are identical values in requests generated in FlexNet Publisher 11.10.0. However, they remain as separate designations in the request because they are logically distinct: unique machine number3 is for machine verification in a reinstall, return or repair request, while the virtual machine identifier is the binding element.

Unique Machine Number Mutability

When a unique machine number value changes, FlexNet Operations can deny reinstall, repair or return requests. Consequently, Flexera Software avoids changing the underlying method by which a unique machine number is obtained across FlexNet Publisher releases (Type 8 Immutability). However, in some situations, circumstances beyond Flexera Software's control cause a unique machine number to change. One of these circumstances occurs when the operating system of a machine is upgraded (Type 7 Immutability). The upgrade can alter the order in which hardware devices are discovered.

In addition, FlexNet Publisher can occasionally make minor updates to the methods of obtaining existing UMNs to take advantage of newer technologies or to fix bugs in the unique machine number retrieval process. Such updates will be made in such a manner as to minimally degrade the Type 8 Immutability of that unique machine number(x) value.

Relationship Between the Enterprise License Server and Unique Machine Numbers

The Enterprise License Server, also known as the vendor daemon, is a license server residing in an enterprise. The Enterprise License Server supports V2 activations between itself and a publisher license server to obtain and manage its licenses. However, the Enterprise License Server supports only V1 activations between itself and its enterprise clients. Additionally, it does not store unique machine number details about the enterprise clients during V1 activations and therefore cannot support reinstalls on those clients.

Unique Machine Number1 on Solid State Drives

A number of Windows machines that feature a solid state drive as the primary drive have been evaluated for use with FlexNet Publisher. Starting with FlexNet Publisher 11.6.1, unique machine number1 has been successfully retrieved on those solid state drive systems evaluated.

Unique Machine Number1 on Windows RAID Systems

Occasional issues occur in retrieving unique machine number1 from RAID systems on Windows. Since FlexNet Publisher 11.6.1, reports of these issues have substantially decreased. In cases where unique machine number1 is not available, FlexNet Operations uses the unique machine number2 value.

FlexNet Operations Policies for Unique Machine Numbers

The following describes how FlexNet Operations 12.7 or later handles unique machine number information:

  • Any request containing all null values for unique machine numbers is rejected.
  • All unique machine numbers that are present in a request are recorded and associated with the Fulfillment IDs of any fulfillment record that FlexNet Operations creates.
  • FlexNet Operations maintains and periodically updates heuristics defining which unique machine number(x) values must be identical to those in the original activation request in order to grant a reinstall, repair, or return request. These heuristics can take into account a combination of factors including (but not limited to) the following:
      – Historical reliability of a unique machine number(x)
      – A new unique machine number(x) (such as unique machine number3)
      – Whether the platform from which the request originates is known to be virtualized
      – The presence of the machine ID in the request
    These heuristics are internal to FlexNet Operations, not configurable by publishers, and subject to change across FlexNet Operations versions.
• All unique machine numbers that arrive in a request are specified in the RequesterVerification section of the response.
• Publishers cannot configure these policies.

License Generator Toolkit Policies for Unique Machine Numbers

Those publishers intending to use license generator toolkit must implement their own unique machine number-handling algorithm and back-end database. The following is offered as a best-practice recommendation. This recommendation attempts to provide some flexibility in supporting requests across multiple versions of FlexNet Publisher and license generator toolkit-based-publisher license servers and in allowing machines to update their unique machine numbers. A simpler—but harsher—policy is always to require unique machine numbers in a request to be identical to those stored in the database and to treat the requesting machine as a new machine if no match is found.

Database Design

In a FlexNet Publisher request, the following information (when present) is used to identify the machine from which the request originated:

• The various unique machine number(x) values included in the request
• The machine ID(x) values included in the request
• The RightsID (or Entitlement ID in older V1 requests)
• The FulfillmentIDs within the ExistingFulfillments section of V2 requests (that is, existing FulfillmentIDs)

This can be encapsulated in the following database design:

E_RIGHTS 1 -- 0..N E_FULFILLMENT 1..N -- 1 E_MACHINE 1 -- 1..N E_UMN

This design assumes the following:

• An entry in the E_RIGHTS entity is uniquely identified by RightsID.
• An entry in the E_FULFILLMENT entity is uniquely identified by FulfillmentID.
• A RightsID can result in multiple unique FulfillmentIDs across multiple machines.

Consider the following in using this database design:

• The important entity is E_MACHINE, which is the connector between the unique machine numbers of a machine and the FulfillmentIDs allocated to that machine.
• The design correctly reflects that a machine can have multiple unique machine numbers and that each FulfillmentID is allocated to only one machine.
• A machine generates a separate MachineID for each trusted section it creates. Most machines will have one trusted section, but multiple MachineIDs per machine can exist. MachineIDs should be stored in E_UMN.
• A crucial factor in deciding whether to grant a request is being able to identify the machine from which the request originated. According to this design, if an existing FulfillmentID is included in the request, determining the requesting machine is easy. However, if no existing FulfillmentIDs are present in the request (as might be expected in reinstall requests), determining the requesting machine is more difficult. The two cases are dealt with separately in later sections.

Performing the Update-Unique Machine Number Step

After license generator toolkit processes and grants any valid request, it should always perform an update-unique machine number step:

• If existing FulfillmentIDs are included in the request, with at least one trusted FulfillmentID, then license generator toolkit should do the following to update the database:
  – Identify the machine in E_MACHINE associated with the trusted FulfillmentID, and update E_UMN with any new unique machine numbers or new MachineIDs in the request. A new unique machine number is defined as a non-empty unique machine number(x) in the request for which no corresponding entry currently exists for that machine in E_UMN.
  – Ensure E_FULFILLMENT has entries for all trusted FulfillmentIDs in the request.
• If new or repaired FulfillmentIDs are sent in the response, E_FULFILLMENT and E_UMN entities are updated with the new unique machine numbers or MachineIDs sent in the matching request.

The purpose of this step is to ensure that new unique machine number(x) (and MachineID(x)) values are incrementally added to the set of unique identifiers associated with a machine.

Requests With Unique Machine Number3

Unique Machine Number3 takes precedence over every other unique machine number(x) in a request. If a request contains unique machine number3, a machine with a matching unique machine number3 must exist in order to grant the reinstall, repair or return request. This requirement exists because unique machine number3 is FlexNet Publisher's only virtual machine identifier.
If the request is granted, license generator toolkit must update the unique machine number information in the database as an additional step in request processing.

Requests Without Unique Machine Number3 But With Existing FulfillmentIDs

Repair, return or upgrade requests might include existing FulfillmentIDs, but contain no unique machine number3. The full algorithm for determining if the request should be granted is defined in the sample grantRequest pseudocode function specified in Using Unique Machine Numbers and Existing Fulfillment IDs to Decide Whether to Grant Requests.

The algorithm is forgiving on older clients, but tightens up on new clients.

If the request is granted, license generator toolkit must update the unique machine number information in the database (see Performing the Update-Unique Machine Number Step) as an additional step in request processing.

Requests Without Unique Machine Number3 and Existing FulfillmentIDs

A request containing neither unique machine number3 nor existing FulfillmentIDs can be either a first-time activation or a reinstall request use case. FlexNet Operations distinguishes between the two request types by requiring the Reason element in the request activation action to have a value of 1 (for license servers only) or by a reinstall policy.

In such cases, one can expect the request to contain a RightsID and one or more non-empty unique machine number(x) values.

For reinstall requests, the first step is to generate a list of candidate machines – that is, a list of machines on which any FulfillmentID was ever generated against the RightsID cited in the request. The next step is to call the findMachine pseudocode function (see Using the RightsID and Unique Machine Number to Find Matching Machine). If a machine is found, the reinstall is granted.

Using Unique Machine Numbers and Existing Fulfillment IDs to Decide Whether to Grant Requests

Repair, return or lifecycle-operation requests (such as a product upgrade) are likely to contain details of existing FulfillmentIDs. For a given request, license generator toolkit should determine whether the request comes from the same machine on which the original activation occurred.

The following is a sample pseudocode algorithm that license generator toolkit could use to determine whether to grant the request. (A lookup in the E_FID database entity determines the machineObj.)

    BOOL grantRequest (machineObj m, requestObj request)
    {
        // UMN3 decides on its own if either the request or the stored machine has one
        if request.UMN(3).exists or m.UMN(3).exists then
        {
            if (m.UMN(3) == request.UMN(3))
                return TRUE
            else
                return FALSE
        }

        // Prefer UMN1 over UMN2
        // we always send up UMN1 in requests, even if it's the empty string
        // if a UMN1 was empty in the past, don't require it to be empty in the future
        // i.e. only check UMN1 if it's not empty
        if not(request.UMN(1).empty) and m.UMN(1).exists then
        {
            if (m.UMN(1) == request.UMN(1)) then
                return TRUE
            else
                return FALSE
        }

        // Prefer UMN2 over MID
        // we always send up UMN2 in requests, even if it's the empty string
        // if a UMN2 was empty in the past, don't require it to be empty in the future
        // i.e. only check UMN2 if it's not empty
        if not(request.UMN(2).empty) and m.UMN(2).exists then
        {
            if (m.UMN(2) == request.UMN(2)) then
                return TRUE
            else
                return FALSE
        }

        // Finally, check any MID values
        for_each MID md in m
        {
            if (request.mid(md.trustedID) == md)
            {
                return TRUE;
            }
        }

        return FALSE;
    }
Using the RightsID and Unique Machine Number to Find Matching Machine

In the reinstall use case, the request might contain no existing FulfillmentIDs, only the RightsID and unique machine numbers. If such a request is received (and license generator toolkit determines it to be a reinstall request), the following sample pseudocode algorithm determines to which machine, if any, the reinstall request can be granted. (Before calling findMachine, the caller first determines a list of candidate machines via a lookup in the E_RIGHTS database entity.)

    machineObj findMachine(listOfMachines lm, requestObj request)
    {
        // UMN3 trumps other UMNs. No UMN3 match means we fail to find a machine
        if request.UMN(3).exists then
        {
            for_each machineObj m in lm
            {
                if request.UMN(3) == m.UMN(3) then
                    return m
            }
            return nullMachine;
        }

        // if we can't find a UMN3 match, we'll look for a UMN1 match,
        // but only in machines where there is no existing UMN3 in E_UMN
        if not(request.UMN(1).empty) then
        {
            for_each machineObj m in lm such_that not(m.UMN(3).exists)
            {
                if request.UMN(1) == m.UMN(1)
                    return m
            }
        }

        // if we can't find a UMN3 match, or a UMN1 match we'll look for a UMN2 match,
        // but only in machines where there is no existing UMN3 or UMN1 in E_UMN
        if not(request.UMN(2).empty) then
        {
            for_each machineObj m in lm such_that
                ( not(m.UMN(3).exists) and not(m.UMN(1).exists) )
            {
                if request.UMN(2) == m.UMN(2)
                    return m
            }
        }

        // finally we'll look for a MID match
        for_each machineObj m in lm such_that
            ( not(m.UMN(3).exists) and not(m.UMN(1).exists) and not(m.UMN(2).exists) )
        {
            for_each MID md in m
            {
                if (request.mid(md.trustedID) == md)
                {
                    return m;
                }
            }
        }

        return nullMachine;
    }
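The database design and the update-unique machine number step described above, as an added example in Python with sqlite3; it is not code from the white paper or from license generator toolkit. Column names, the `kind` labels, the sample values and the reading of "new" as "no entry yet in that slot for that machine" are assumptions. Identifiers already stored are never overwritten by a later request; only missing ones are added, and only for the machine that a trusted FulfillmentID points to.

```python
import sqlite3

# Entity names are the white paper's; column names and types are assumptions.
SCHEMA = """
CREATE TABLE E_RIGHTS (rights_id TEXT PRIMARY KEY);
CREATE TABLE E_MACHINE (machine_id INTEGER PRIMARY KEY);
CREATE TABLE E_FULFILLMENT (fulfillment_id TEXT PRIMARY KEY,
    rights_id TEXT NOT NULL REFERENCES E_RIGHTS,
    machine_id INTEGER NOT NULL REFERENCES E_MACHINE);
CREATE TABLE E_UMN (machine_id INTEGER NOT NULL REFERENCES E_MACHINE,
    kind TEXT NOT NULL,    -- 'UMN1', 'UMN2', 'UMN3' or 'MID:<trusted section>'
    value TEXT NOT NULL,
    PRIMARY KEY (machine_id, kind));
"""

def update_umn_step(db, rights_id, trusted_fids, identifiers):
    """Post-grant update; returns the (kind, value) pairs newly recorded."""
    marks = ",".join("?" * len(trusted_fids))
    machines = {row[0] for row in db.execute(
        f"SELECT machine_id FROM E_FULFILLMENT WHERE fulfillment_id IN ({marks})",
        trusted_fids)}
    if len(machines) != 1:  # unknown FulfillmentIDs, or they span several machines
        raise LookupError("trusted FulfillmentIDs do not identify one machine")
    machine_id = machines.pop()
    for fid in trusted_fids:  # every trusted FulfillmentID gets an entry
        db.execute("INSERT OR IGNORE INTO E_FULFILLMENT VALUES (?, ?, ?)",
                   (fid, rights_id, machine_id))
    added = []
    for kind, value in identifiers.items():
        known = db.execute("SELECT 1 FROM E_UMN WHERE machine_id = ? AND kind = ?",
                           (machine_id, kind)).fetchone()
        if value and known is None:  # "new" = non-empty and not yet stored
            db.execute("INSERT INTO E_UMN VALUES (?, ?, ?)", (machine_id, kind, value))
            added.append((kind, value))
    db.commit()
    return added

def demo():
    """Constructed data: machine 1 was activated by a client that sent only UMN1."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + "INSERT INTO E_RIGHTS VALUES ('RIGHTS-A');"
                     "INSERT INTO E_MACHINE VALUES (1);"
                     "INSERT INTO E_FULFILLMENT VALUES ('FID-1', 'RIGHTS-A', 1);"
                     "INSERT INTO E_UMN VALUES (1, 'UMN1', 'aaaa');")
    # Constructed repair request, already granted on its matching UMN1.
    request = {"UMN1": "aaaa", "UMN2": "dddd", "UMN3": "", "MID:1": "m-01"}
    added = update_umn_step(db, "RIGHTS-A", ["FID-1", "FID-2"], request)
    return db, added
```

Run the step only after the grant decision has been made, so that a request that fails verification cannot add identifiers to a machine.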
Flexera Software LLC
1000 East Woodfield Road, Suite 400
Schaumburg, IL 60173 USA

Schaumburg (Global Headquarters): +1 800-809-5659
United Kingdom (Europe, Middle East Headquarters): +44 870-871-1111, +44 870-873-6300
Japan (Asia, Pacific Headquarters): +81 3-4360-8291
For more office locations visit: www.flexerasoftware.com

Copyright © 2012 Flexera Software LLC. All other brand and product names mentioned herein may be the trademarks and registered trademarks of their respective owners. FNP_WP_UMN_Feb12
